  • k8s-(node节点kubelet、kube-proxy)

    1、在master节点执行

    生成bootstrap.kubeconfig、kube-proxy.kubeconfig配置文件

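    # kubeconfig.sh - generate bootstrap.kubeconfig and kube-proxy.kubeconfig
    # in the current directory (run on the master).
    #
    # Usage: sh kubeconfig.sh <apiserver-address> <ssl-dir>
    #   $1  address of the kube-apiserver; "https://" and ":6443" are added here
    #   $2  directory containing ca.pem, kube-proxy.pem and kube-proxy-key.pem
    # Environment (optional):
    #   BOOTSTRAP_TOKEN  token for the kubelet-bootstrap user
    #   TOKEN_FILE       file the token is read from when BOOTSTRAP_TOKEN is
    #                    unset (default: /opt/kubernetes/cfg/token.csv)
    set -eu

    # Both output files hold credentials (the bootstrap token, and the
    # kube-proxy private key embedded via --embed-certs=true), so anything
    # this script creates stays private to the invoking user.
    umask 077

    APISERVER=${1:-}
    SSL_DIR=${2:-}
    if [ -z "$APISERVER" ] || [ -z "$SSL_DIR" ]; then
      echo "usage: sh kubeconfig.sh <apiserver-address> <ssl-dir>" >&2
      exit 1
    fi
    SSL_DIR=${SSL_DIR%/}   # tolerate a trailing slash on the directory

    # Fail before writing anything if a certificate or key is missing.
    for pem in ca.pem kube-proxy.pem kube-proxy-key.pem; do
      if [ ! -r "$SSL_DIR/$pem" ]; then
        echo "missing or unreadable: $SSL_DIR/$pem" >&2
        exit 1
      fi
    done

    # The bootstrap token is a credential and must match the entry the
    # apiserver loads from token.csv, so it is looked up at run time instead
    # of being hard-coded in a script that gets copied around or published.
    # Assumes the usual static-token layout "token,user,uid,groups" -
    # TODO confirm against your token.csv.
    TOKEN_FILE=${TOKEN_FILE:-/opt/kubernetes/cfg/token.csv}
    BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN:-}
    if [ -z "$BOOTSTRAP_TOKEN" ]; then
      if [ ! -r "$TOKEN_FILE" ]; then
        echo "cannot read $TOKEN_FILE; set BOOTSTRAP_TOKEN instead" >&2
        exit 1
      fi
      BOOTSTRAP_TOKEN=$(awk -F, '$2 == "kubelet-bootstrap" { print $1; exit }' "$TOKEN_FILE")
    fi
    if [ -z "$BOOTSTRAP_TOKEN" ]; then
      echo "no token for kubelet-bootstrap found in $TOKEN_FILE" >&2
      exit 1
    fi

    # ---- kubelet bootstrapping kubeconfig ----
    export KUBE_APISERVER="https://$APISERVER:6443"

    # Cluster entry: CA certificate is embedded so the file is self-contained.
    kubectl config set-cluster kubernetes \
      --certificate-authority="$SSL_DIR/ca.pem" \
      --embed-certs=true \
      --server="${KUBE_APISERVER}" \
      --kubeconfig=bootstrap.kubeconfig

    # Client credentials: the bootstrap token. It is passed on the command
    # line, so it is briefly visible in the process list while kubectl runs.
    kubectl config set-credentials kubelet-bootstrap \
      --token="$BOOTSTRAP_TOKEN" \
      --kubeconfig=bootstrap.kubeconfig

    # Context tying the cluster and the bootstrap user together.
    kubectl config set-context default \
      --cluster=kubernetes \
      --user=kubelet-bootstrap \
      --kubeconfig=bootstrap.kubeconfig

    # Make that context the default one.
    kubectl config use-context default --kubeconfig=bootstrap.kubeconfig

    # ---- kube-proxy kubeconfig ----

    kubectl config set-cluster kubernetes \
      --certificate-authority="$SSL_DIR/ca.pem" \
      --embed-certs=true \
      --server="${KUBE_APISERVER}" \
      --kubeconfig=kube-proxy.kubeconfig

    # kube-proxy authenticates with its client certificate; certificate and
    # private key are both embedded into the generated file.
    kubectl config set-credentials kube-proxy \
      --client-certificate="$SSL_DIR/kube-proxy.pem" \
      --client-key="$SSL_DIR/kube-proxy-key.pem" \
      --embed-certs=true \
      --kubeconfig=kube-proxy.kubeconfig

    kubectl config set-context default \
      --cluster=kubernetes \
      --user=kube-proxy \
      --kubeconfig=kube-proxy.kubeconfig

    kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig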
    kubeconfig.sh
    #前文中认证文件 /root/k8s/k8s-cert/
    [root@linux-node1 kubeconfig]# pwd
    /root/k8s/kubeconfig
    
    [root@linux-node1 kubeconfig]# sh kubeconfig.sh 192.168.56.11 /root/k8s/k8s-cert/
    
    [root@linux-node1 kubeconfig]# 
    
    拷贝配置文件
    scp bootstrap.kubeconfig  kube-proxy.kubeconfig root@192.168.56.12:/opt/kubernetes/cfg/
    scp bootstrap.kubeconfig  kube-proxy.kubeconfig root@192.168.56.13:/opt/kubernetes/cfg/
    
    #拷贝kubelet命令
    [root@linux-node1 bin]# pwd
    /root/k8s/kubernetes/server/bin
    
    scp kubelet root@192.168.56.12:/opt/kubernetes/bin/
    scp kubelet root@192.168.56.13:/opt/kubernetes/bin/
    scp kubelet root@192.168.56.11:/opt/kubernetes/bin/
    
    #创建RBAC绑定:把 kubelet-bootstrap 用户(bootstrap token 对应的身份)绑定到 system:node-bootstrapper 角色,使其可以提交节点证书签名请求(CSR)
    kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
    生成配置文件、拷贝

    2、在node01节点执行

    [root@linux-node2 ~]# cat kubelet.sh 
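    #!/bin/bash
    # kubelet.sh - write the kubelet options file, the KubeletConfiguration
    # and the systemd unit, then enable and (re)start kubelet.
    #
    # Usage: sh kubelet.sh <node-address> [dns-server-ip]
    #   $1  address this kubelet binds to and registers under
    #   $2  cluster DNS server address (default 10.0.0.2)
    set -eu

    NODE_ADDRESS=${1:-}
    DNS_SERVER_IP=${2:-"10.0.0.2"}

    if [ -z "$NODE_ADDRESS" ]; then
      echo "usage: sh kubelet.sh <node-address> [dns-server-ip]" >&2
      exit 1
    fi

    # Options file read by the systemd unit through EnvironmentFile=.
    # The heredoc is unquoted on purpose so ${NODE_ADDRESS} is filled in now.
    cat <<EOF >/opt/kubernetes/cfg/kubelet
    
    KUBELET_OPTS="--logtostderr=true \
    --v=4 \
    --hostname-override=${NODE_ADDRESS} \
    --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
    --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
    --config=/opt/kubernetes/cfg/kubelet.config \
    --cert-dir=/opt/kubernetes/ssl \
    --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
    
    EOF

    # NOTE(security): authentication.anonymous.enabled: true lets callers
    # without credentials reach the kubelet API on port 10250 as
    # system:anonymous. This file sets no authorization mode, so what such
    # callers may do depends on the kubelet's default for this version -
    # TODO confirm. Prefer anonymous disabled together with x509 client-CA
    # or webhook authentication once the apiserver presents a kubelet client
    # certificate; the value is left unchanged here because switching it off
    # alone would reject every request.
    # NOTE(security): readOnlyPort 10255 serves node and pod information with
    # no authentication at all; readOnlyPort: 0 disables it. Restrict both
    # ports to the cluster network in the meantime.
    cat <<EOF >/opt/kubernetes/cfg/kubelet.config
    
    kind: KubeletConfiguration
    apiVersion: kubelet.config.k8s.io/v1beta1
    address: ${NODE_ADDRESS}
    port: 10250
    readOnlyPort: 10255
    cgroupDriver: cgroupfs
    clusterDNS:
    - ${DNS_SERVER_IP} 
    clusterDomain: cluster.local.
    failSwapOn: false
    authentication:
      anonymous:
        enabled: true
    EOF

    # Quoted delimiter: $KUBELET_OPTS must reach the unit file literally so
    # systemd expands it from the EnvironmentFile. With an unquoted heredoc
    # the shell would expand it here, where it is unset, and kubelet would
    # start without any of its options.
    cat <<'EOF' >/usr/lib/systemd/system/kubelet.service
    [Unit]
    Description=Kubernetes Kubelet
    After=docker.service
    Requires=docker.service
    
    [Service]
    EnvironmentFile=/opt/kubernetes/cfg/kubelet
    ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
    Restart=on-failure
    KillMode=process
    
    [Install]
    WantedBy=multi-user.target
    EOF

    # Pick up the new unit, start it at boot, and apply the configuration now.
    systemctl daemon-reload
    systemctl enable kubelet
    systemctl restart kubelet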
    kubelet.sh
    [root@linux-node2 ~]#  sh kubelet.sh 192.168.56.12
    
    #查看kubelet是否启动
    [root@linux-node2 ~]# ps -ef|grep kube
    root       1869      1  0 Feb10 ?        00:04:01 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
    root      88662      1  1 23:06 ?        00:00:09 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=192.168.56.12 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
    root      89907   1776  0 23:20 pts/0    00:00:00 grep --color=auto kube
    kubelet启动

    3、在master节点执行

    [root@linux-node1 kubeconfig]# kubectl get csr
    NAME                                                   AGE   REQUESTOR           CONDITION
    node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4   28s   kubelet-bootstrap   Pending
    
    [root@linux-node1 kubeconfig]# kubectl certificate approve node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4
    certificatesigningrequest.certificates.k8s.io/node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4 approved
    [root@linux-node1 kubeconfig]# kubectl get csr
    NAME                                                   AGE     REQUESTOR           CONDITION
    node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4   2m22s   kubelet-bootstrap   Approved,Issued
    [root@linux-node1 kubeconfig]# kubectl get node
    NAME            STATUS   ROLES    AGE   VERSION
    192.168.56.12   Ready    <none>   16s   v1.12.10
    用户权限授权

     4、在node01节点执行 启动kube-proxy

    [root@linux-node2 ~]# cat proxy.sh 
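    #!/bin/bash
    # proxy.sh - write the kube-proxy options file and systemd unit, then
    # enable and (re)start kube-proxy.
    #
    # Usage: sh proxy.sh <node-address>
    #   $1  address passed to kube-proxy as --hostname-override
    set -eu

    NODE_ADDRESS=${1:-}

    if [ -z "$NODE_ADDRESS" ]; then
      echo "usage: sh proxy.sh <node-address>" >&2
      exit 1
    fi

    # Options file read by the systemd unit through EnvironmentFile=.
    # The heredoc is unquoted on purpose so ${NODE_ADDRESS} is filled in now.
    cat <<EOF >/opt/kubernetes/cfg/kube-proxy
    
    KUBE_PROXY_OPTS="--logtostderr=true \
    --v=4 \
    --hostname-override=${NODE_ADDRESS} \
    --cluster-cidr=10.0.0.0/24 \
    --proxy-mode=ipvs \
    --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
    
    EOF

    # Quoted delimiter: $KUBE_PROXY_OPTS must reach the unit file literally so
    # systemd expands it from the EnvironmentFile. With an unquoted heredoc
    # the shell would expand it here, where it is unset, and kube-proxy would
    # start without any of its options.
    cat <<'EOF' >/usr/lib/systemd/system/kube-proxy.service
    [Unit]
    Description=Kubernetes Proxy
    After=network.target
    
    [Service]
    EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
    ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
    Restart=on-failure
    
    [Install]
    WantedBy=multi-user.target
    EOF

    # Pick up the new unit, start it at boot, and apply the configuration now.
    systemctl daemon-reload
    systemctl enable kube-proxy
    systemctl restart kube-proxy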
    [root@linux-node2 ~]# 
    [root@linux-node2 ~]# cat proxy.sh 
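    #!/bin/bash
    # proxy.sh - write the kube-proxy options file and systemd unit, then
    # enable and (re)start kube-proxy.
    #
    # Usage: sh proxy.sh <node-address>
    #   $1  address passed to kube-proxy as --hostname-override
    set -eu

    NODE_ADDRESS=${1:-}

    if [ -z "$NODE_ADDRESS" ]; then
      echo "usage: sh proxy.sh <node-address>" >&2
      exit 1
    fi

    # Options file read by the systemd unit through EnvironmentFile=.
    # The heredoc is unquoted on purpose so ${NODE_ADDRESS} is filled in now.
    cat <<EOF >/opt/kubernetes/cfg/kube-proxy
    
    KUBE_PROXY_OPTS="--logtostderr=true \
    --v=4 \
    --hostname-override=${NODE_ADDRESS} \
    --cluster-cidr=10.0.0.0/24 \
    --proxy-mode=ipvs \
    --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
    
    EOF

    # Quoted delimiter: $KUBE_PROXY_OPTS must reach the unit file literally so
    # systemd expands it from the EnvironmentFile. With an unquoted heredoc
    # the shell would expand it here, where it is unset, and kube-proxy would
    # start without any of its options.
    cat <<'EOF' >/usr/lib/systemd/system/kube-proxy.service
    [Unit]
    Description=Kubernetes Proxy
    After=network.target
    
    [Service]
    EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
    ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
    Restart=on-failure
    
    [Install]
    WantedBy=multi-user.target
    EOF

    # Pick up the new unit, start it at boot, and apply the configuration now.
    systemctl daemon-reload
    systemctl enable kube-proxy
    systemctl restart kube-proxy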
    proxy.sh
    [root@linux-node2 ~]# sh proxy.sh 192.168.56.12
    Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
    [root@linux-node2 ~]# ps -ef|grep kube
    root       1869      1  0 Feb10 ?        00:04:01 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
    root      88662      1  1 23:06 ?        00:00:12 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=192.168.56.12 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
    root      90377      1  2 23:25 ?        00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.56.12 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
    root      90508   1776  0 23:25 pts/0    00:00:00 grep --color=auto kube
    启动kube-proxy
  • 原文地址:https://www.cnblogs.com/zhaojingyu/p/12321952.html